Securing the Server

To integrate CAF and KM systems, you use the Document and DocContent data services from CAF. By default, access to these services is not sufficiently protected. This means that any user who successfully authenticated to AS Java can potentially access the metadata of deployed CAF applications, as well as the Web services used for integration with KM in an undesired way.

To secure the access to the data services used in the integration scenario, we strongly recommend that you follow the configuration procedures below. The configuration procedure does not interrupt the operation of your CAF applications.

Prerequisites

You have updated the KM AS Java to the latest SAP NetWeaver support package.

Procedure

Preparing the Server on the CAF Side

Log on to the SAP NetWeaver Administrator, using the following URL: http:<host>:<port>/nwa
Choose Configuration → Security → Authentication and Single Sign-On → Authentication →Components.
Select the sap.com/caf~km~ear*CAFDataService_Config component.
Switch to edit mode and set Used template to none.
Add EvaluateAssertionTicketLoginModule. Modify it as follows:
1. Move it to the first position.
2. Set Flag to SUFFICIENT.
  
  Note
  
  You have to execute these steps for all of the client CAF AS Java of a particular KM AS Java.

Preparing the Client on the KM Side

More information: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/d6/ceb82a00da4c18b2832b6bc545a521/frameset.htm

Securing the Server on the CAF Side

1. Log on to the SAP NetWeaver Administrator, using the following URL: http:<host>:<port>/nwa .

2. Choose Configuration → Security → Authentication and Single Sign-On → Authentication →Components.

3. Select the sap.com/caf~km~ear*CAFDataService_Config component.

4. Switch to edit mode and set Used template to evaluate_assertion_ticket.

Securing the Server on the KM Side

More information: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/d6/ceb82a00da4c18b2832b6bc545a521/frameset.htm